Legislation would, for the first time, establish Cyber and Computer Network Incident Response Teams

Washington, D.C. – U.S. Senators Kirsten Gillibrand, a member of the Senate Armed Services Committee, David Vitter, Chris Coons, Roy Blunt, Mary Landrieu, Patrick Leahy, Mark Warner and Patty Murray today introduced the Cyber Warriors Act of 2013. This legislation would, for the first time, establish Cyber and Computer Network Incident Response Teams (CCNIRT), known as Cyber Guards, as part of the National Guard, significantly expanding the limited cyber mission being performed by the National Guard.

"Cyber attacks are at the top of the threats that could affect every aspect of our national and economic security," Senator Gillibrand said. "Terrorists could shut down electric grids in the middle of winter, zero-out bank accounts, or take down a stock exchange causing an unimaginable amount of disruption and harm. Meanwhile, our military and homeland cyber defense forces are thousands short of the need identified by our leaders. We must ensure that we can recruit and retain talented individuals who can protect our nation's cybersecurity at home and abroad."

"Cyber-attacks remain one of the highest threats to the United States, and there is no excuse for us to not be completely prepared with resources and personnel," Senator Vitter said. "Our legislation will help ensure that many of our states, including Louisiana, can continue developing capabilities and cyber response effectiveness."

"The National Guard is always ready when natural or manmade disasters strike at home," Senator Coons said. "The Cyber Warrior Act allows them to respond to cyber disasters, too, an increasingly common threat to our country from organized crime, terrorists, and even nation-states. The Cyber Warrior Act will ensure that in the first hours and days after a devastating cyber attack, our local responders will have the same support of the National Guard for response and recovery that they do when a hurricane strikes. Delaware's 166th Network Warfare Squadron is a model for what can be achieved when the Guard leverages the unique private-sector skills and experiences of its members, and this bill will help other states build similar capacity."

"I'm glad to co-sponsor this bipartisan legislation, which will establish Cyber Guard Civil Support Teams in all 50 states and four territories. As cyber-attacks are something we're increasingly more and more concerned about, having people in the Guard who are also out there every day in the IT community would be an incredible way to increase access to skilled employees that the uniform forces may not be able to afford," said Senator Blunt. "I believe Missouri could certainly be a prototype for what these units should look like nationwide."

"Attacks no longer come just by land, air or sea. As we continually rely more on technology in our infrastructure, government, businesses and daily lives, we must ensure that we are protected from malicious attacks and harm in these new landscapes," Senator Landrieu said. "We need talented individuals on the frontlines of this evolving threat, and I am proud that this bill would make cyber security professionals a permanent part of our armed forces. Louisiana will continue to be out in front of this effort as we train homegrown cyber warriors to meet the current and future needs of our nation."

Senator Patrick Leahy (D-Vt.), co-chair of the Senate National Guard Caucus, said, "The National Guard is a superb defensive asset that has grown and adapted to meet a widening array of national security and homeland defense challenges. I have long felt that the National Guard can and should play a key role in cyber defense. In Vermont our Guard's 229th Information Operations Squadron has been training cyber security experts for several years. I am glad to support this bill which would expand their efforts to provide a local cyber security capability that is available not just to federal authorities, but also to state and local entities, under command of the Governor."

"Many Virginia Guard personnel and reservists already have high-level cyber expertise, and this will allow us to leverage these skillsets while expanding the overall capabilities of our Guard and Reserve," Senator Warner said. "Virginia already has a significant footprint in terms of public and private sector capabilities, and this initiative will serve to strengthen those partnerships."

"The Cyber Warriors Act is a good first step in capitalizing on the good work National Guard units are doing every day across America," said Senator Murray. "But there is certainly more work to be done. Servicemembers, like the Airmen in the 262nd Network Warfare Squadron of the 194th Regional Air Support Wing in the Washington Air National Guard, are already conducting network security operations and recognized as Cyber Warfare leaders. We must continue to provide cyber guards the tools and resources necessary to carry out their mission of safeguarding our economy, critical infrastructure, and citizens in this new era of security at home and abroad."

The 2013 World Threat Assessment of the U.S. Intelligence Community, which listed cyber attacks and espionage as the first among the risks facing the U.S., states that, "We judge that there is a remote chance of a major cyber attack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage."

Yet our government lacks enough cyber experts. According to Alan Paller of the SANS Institute, the Pentagon alone is short by about 10,000 cyber experts with only 2,000 currently in place. There is also a shortfall of both capability and capacity at the federal, state, and local levels to prepare, respond, and mitigate the effects of cyber events. In today's economic environment, many of the top computer network operations and information technology (CNO/IT) specialists are choosing to work in the private sector, attracted by financial incentives, entrepreneurship trainings and flexibility.

To remain competitive, the Department of Defense acknowledges that it must develop new and innovative ways and receive the tools needed to recruit and retain cyber warriors. The Department of Defense Strategy for Operating in Cyberspace states that "the demand for new cyber personnel is high, commensurate with the severity of cyber threats. DoD must make itself competitive if it is to attract technically skilled personnel to join government service for the long-term. Paradigm-shifting approaches such as the development of Reserve and National Guard cyber capabilities can build greater capacity, expertise, and flexibility across DoD, federal, state, and private sector activities."

The Cyber Warrior Act of 2013 would place Cyber Guards in each state and territory, which could provide a scalable response. This National Guard unit can be activated by the Governor or Secretary of Defense depending on the response needed. These cyber teams would combine Active Guard and Traditional Guard Members, leveraging Members' private sector IT experience. The use of the Guard would also support the goal of retaining the cyber trained military personnel who would otherwise leave the service.

As with any Guard unit, the legislation would allow Governors to call up their Cyber Guard to address a local cyber emergency, boosting the capacity to protect computer networks in the homeland where the military may not play a role. The bill would also allow Governors to get the Guard to help train State and Local Law Enforcement and other Cyber Responders in cyber security, and help them develop sound best practices that allow more cohesive interaction with Federal-level responders.

Finally, the legislation would require the Secretary of Defense to report on the following ways to attract and retain more cyber warriors:

· A description and assessment of various mechanisms to recruit and retain members of the regular and reserve components of the Armed Forces;

· An assessment of the use of virtual and/or short term deployments in case of cyber incident responses; and

· A description of the training requirements and physical demands in the cyber specialties.
